Naval Academy preparing officers for cyberwarfare

Ensign Justin Monroe shows a Navy class how he could hack an open access point to reconfigure it from one group's WAP set-up in Michelson Hall at the U.S. Naval Academy.

Ensign Justin Monroe shows a Navy class how he could hack an open access point to reconfigure it from one group's WAP set-up in Michelson Hall at the U.S. Naval Academy. (Karl Merton Ferron / The Baltimore Sun)

Matthew Hay Brown, The Baltimore Sun

Huddled over laptop computers, four midshipmen spent 20 minutes setting up a wireless network and tested it with what they assumed was a private chat.

But Ensign Justin Monroe, a teaching assistant at the Naval Academy, used a small wireless receiver to intercept their conversation. With a click, he projected the messages on the screen at the front of the room for the entire class to see.

While their chatter was innocuous — "hello" and "he's in my company, too" — the implications, Monroe warned the class, were anything but.

"You're just broadcasting this," he said. "If you guys were talking about phone numbers, bank information, I would see it."

With an increasingly networked military fending off attacks on its computer systems on a daily basis, the Naval Academy is rapidly expanding its cybersecurity offerings — part of a larger effort to bolster the service's digital defenses.

The freshmen whose chatter Monroe intercepted Wednesday are members of the first class at the academy to be required to complete courses in cybersecurity. Capt. Steven "Doc" Simon, director of the academy's new Center for Cyber Security Studies, says the academy is the nation's first institution of higher learning — military or civilian — to establish such a requirement.

The center, which developed the introductory course and is working on an advanced class to be taught to all third-year midshipmen, also has established internships at the National Security Agency and the National Defense University, incorporated cybersecurity into the academy's professional development program, and is considering developing a major in the field.

Individual departments are offering electives in cryptography, computer forensics, cyber policy and the economics of cyber management. And the academy participates in the NSA's annual Cyber Defense Exercise, in which teams from the service academies and civilian universities compete to build the network best able to stand up to attack by the elite hackers of the NSA's Red Team.

The goal, Simon says, is to build awareness in the officer corps of what strategists now consider the fifth domain of warfare, after land, sea, air and space.

"We find very, very few areas where the Navy and the Marines operate that aren't impacted by cyberspace," he said. "Literally everything we do, whether it's flying an airplane or getting a ship under way or sending a Marine out to the field, has some cyber implications, whether it's merely crypto loaded into a radio so they can communicate securely or the mission that a battle group conducts."

Simon described the volume of attacks on military and other U.S. government servers as "astronomical." While he declined to say where the attacks originate, China and Russia are often suspected of hacking, as are organized criminals and private individuals.

Ultimately, he said, training in cybersecurity is to be extended to participants in Naval Reserve Officer Training Corps programs and enlisted personnel, with the aim of spreading awareness throughout the Navy.

The creation of the Center for Cyber Security Studies reflects a growing sense of urgency in protection of the nation's information infrastructure.

Several military, government and private organizations focused on the subject are based in Maryland. The U.S. Cyber Command and Defense Information Systems Agency have joined the National Security Agency at Fort Meade, and several colleges in the state offer programs in the field.

The Cyber Command was formed in 2009 to centralize operations after a major breach of the Defense Department's classified computer networks the year before. Officials said a flash drive believed to have been infected with a computer worm by a foreign intelligence service was inserted into a military laptop on a base in the Middle East.

Steve Schlein, a senior defense official, told the American Forces Press Service this week that "we are much better prepared than we were in 2008."

"The American military is transforming into a much more networked force," Forno said. "Social media, Internet technologies, personal iPhone — these are becoming part of the military environment, whether we like it or not. So we collectively need to ensure that those who are operating in that new cyber environment are aware of the technologies and what they can do and what the consequences for their misuse or their vulnerabilities are."

The emphasis isn't solely on defensive measures. The United States is suspected of having a hand in the Stuxnet computer virus that disrupted Iran's nuclear program last year. And The New York Times reported this week that Obama administration officials debated launching a cyberattack to disable Libya's air defenses this year in advance of the U.S.-led NATO strikes against the regime of Moammar Gadhafi.

Simon foresees some of the midshipmen most focused on computer science and information technology becoming offensive cyberwarriors.

Monroe, the teaching assistant, also talked about teaching midshipmen offense as well as defense.

"People say the best defense is a good offense," he said. "Knowing how someone's going to come into your system is a great way to understand how you defend the system from attack."

Simon said he is trying to bring in "a world-class hacker" to speak to midshipmen — someone in their 20s, close to the age of the students — who "can really relate to what goes on and why they hack and how they do it and what their motivation is."

Jake Dang, a first-year midshipman from Alexandria, Va., had considerable computer experience before entering the academy but said he had no idea how vulnerable they could be.

"I knew there were a lot of risks associated with using computers. I knew that cyberspace, it's an open frontier," he said. "But I didn't completely understand how big cyberspace could be, or how dangerous."